Your Councillors


AUDIT GOVERNANCE AND STANDARDS COMMITTEE

19  November 2018

 

Investigatory Powers Commissioner’s Office Inspection Report

 

Final Decision-Maker

Audit Governance and Standards

Lead Head of Service/Lead Director

Patricia Narebor, Head of Legal Partnership

Lead Officer and Report Author

Estelle Culligan, Principal Solicitor, Corporate Governance

Classification

Public

Wards affected

All

 

Executive Summary

 

The Investigatory Powers Commissioner’s Office recently conducted a desktop inspection of the Council’s use of powers under Part II of the Regulation of Investigatory Powers Act 2000 (RIPA). The Inspector expressed her satisfaction with the arrangements that are in place to manage surveillance and other covert activity, which are supported by a well-written corporate policy. The Inspector found there were two extant recommendations from the previous inspection relating to the central record of urgent oral authorisations and the training of Authorising Officers and other key personnel. The Inspector further identified that a number of amendments should be made to the RIPA Policy in order to clarify the Council’s approach to the monitoring or recording of private information available on the internet and social media during investigations. This report sets out proposals to address the Inspection Report’s recommendations.

 

This report makes the following recommendations to Audit, Governance and Standards Committee:  That

1.   This report be noted.

2.   The proposals to address the Inspection Report’s recommendations are approved.

 

 

Timetable

Meeting

Date

Audit Governance and Standards Committee

19 November 2018



Investigatory Powers Commissioner’s Office Inspection Report

 

 

 

1.      INTRODUCTION AND BACKGROUND

 

 

1.1        The Regulation of Investigatory Powers Act (RIPA) was enacted in 2000 to regulate the manner in which certain public bodies may conduct surveillance and access a person's electronic communications and to ensure that the relevant investigatory powers are used in accordance with human rights. The provisions of the Act include:

 

·           the interception of communications;

·           the acquisition of communications data (e.g. billing data);

·           directed and intrusive surveillance (on residential premises/in private  

         vehicles);

·           covert surveillance in the course of specific operations;

·         the use of covert human intelligence sources (Known as “CHIS”) (agents, informants,    undercover officers); and

·           access to encrypted data.

 

1.2        The Council very rarely uses RIPA and, in fact, there have been no RIPA authorisations since 2011. Prior to 2011, most authorisations were used to obtain evidence to support allegations of benefit fraud.  Evidence-gathering activities are now co-ordinated though the National Anti-Fraud Network, (NAFN). This means that the total number of RIPA authorisations across all local authorities is significantly reduced.

 

1.3        The Chief Executive is the person responsible for RIPA. She acts as the Senior Responsible Officer referred to in Part 3 of the revised Code of Practice. The Monitoring Officer maintains a register of authorisations applied for and granted.

 

1.4        The Council receives regular inspections from the Investigatory Powers           Commissioner’s Office (IPCO). The most recent inspection was earlier this year. The Inspector’s Report was issued on 25 June 2018. The Council takes account of the IPCO’s conclusions and recommendations when formulating and revising RIPA practice and policy.

 

1.5        The Inspector’s Report made the following recommendations :

 

·         Recommendation 1 - The Senior Responsible Officer should ensure that RIPA training is refreshed for all relevant officers undertaking the role of applicant or Authorising Officer, at regular intervals. Such training should include discussion of CHIS recognition and management issues and the use of the internet and social media during investigations.

·         Recommendation 2 - The Central Record should be updated to ensure it contains all the matters highlighted at paragraph 8.1 of the Covert Surveillance and Property Interference Revised Code of Practice.

·         Recommendation 3 - Changes should be made to the draft Covert Surveillance and Access to Communication Data Policy and Guidance Note in accordance with paragraph 6.2 of this report.

 

1.6        The Inspector identifies Recommendation 1 as being the more critical of

the three recommendations. It is proposed that this recommendation should be discharged by the relevant Service departments with input of the legal team. A cost effective method of delivering training may be to commission an external firm which specialises in RIPA training, as it is a specialised area requiring expertise that we do not have within the legal team.

 

1.7        To give effect to recommendation 2 the Council’s RIPA policy will be updated to remove reference to urgent authorisations which are no longer available to Councils and to include the date a request for RIPA approval was authorised by the court or otherwise.

 

1.8        Recommendation 3 will, as suggested by the Inspector, be dealt with as part of the RIPA training covering the use of social media and internet information during investigations. In addition, the social media guidance contained within the RIPA policy will be refreshed to make clear what its staff are and are not permitted to do online. The updated draft policy will then be finalised.

 

 

2         AVAILABLE OPTIONS

 

2.1     That the actions proposed to address the recommendations within the IPCO’s report are approved. This option meets the Inspector’s requirements.

 

2.2     AGS could approve such additional or alternative actions that it deems appropriate, provided that alternative actions meet the Inspector’s requirements.

 

2.3     Despite the infrequency of the Council’s use of RIPA, the opportunity for the Council to use the legislation remains and, while it remains, the Council must respond to the Inspector’s recommendations and maintain proper oversight of its use of the powers within the legislation. Therefore there is no alternative possible to “do nothing”.

________________________________________________________________

 

3         PREFERRED OPTION AND REASONS FOR RECOMMENDATIONS

 

3.1    Option 1 is the preferred option as it would implement the Inspector’s recommendations.

 

 

4         RISK

4.1    Currently the risk implications are low as the Council has not authorised any activity under RIPA for some time. However, there is risk of litigation and challenge if authorisations are incorrectly given in the future without proper understanding of the current requirements. The actions set out in the Inspector’s report and recommended in this report will mitigate any such risks.  

 

4.2    It is appropriate for this Committee to have oversight of the Inspector’s report and recommendations, as the Committee’s terms of reference state:

 

4.3    “To consider whether safeguards are in place to secure the Council’s compliance with its own and other published standards and controls”.

 

________________________________________________________________

 

5         CONSULTATION RESULTS AND PREVIOUS COMMITTEE FEEDBACK

 

5.1     Not applicable.

 

 

6         CROSS-CUTTING ISSUES AND IMPLICATIONS

 

Issue

Implications

Sign-off

Impact on Corporate Priorities

We do not expect the recommendations will by themselves materially affect achievement of corporate priorities.  However, they will support the Council’s overall achievement of its aims.

Principal Solicitor, Contentious and Corporate Governance

Risk Management

 The risk implications are set out in section 4 of the report.

 Principal Solicitor, Contentious and Corporate Governance

Financial

There will be some minor cost implications of external training.

Section 151 Officer & Finance Team

Staffing

The recommendations will be delivered with our current staffing.

Principal Solicitor, Contentious and Corporate Governance

Legal

Accepting the recommendations will fulfil the Council’s duties under RIPA 2000 as amended. 

Principal Solicitor, Contentious and Corporate Governance

Privacy and Data Protection

There are no specific privacy or data protection issues to address.

Principal Solicitor, Contentious and Corporate Governance

Equalities

There are no equality implications arising from the report.

Principal Solicitor, Contentious and Corporate Governance

Crime and Disorder

The purpose of the use of RIPA is to assist with control of crime and disorder.

Principal Solicitor, Contentious and Corporate Governance

Procurement

There are no procurement implications arising from the report.

 Principal Solicitor, Contentious and Corporate Governance

 

7         REPORT APPENDICES

 

Investigatory Powers Commissioner’s Report issued 25 June 2018

 

 

8         BACKGROUND PAPERS

 

None